The Opportunity:

No two Oliver Wyman projects are the same.

You’ll be working with varied and diverse teams, to ensure security is baked-in from the start. As an IT Security & Risk analyst, you will work with our business to drive and improve our security and compliance posture. Your work will range from advising on internal projects and initiatives, driving improvements on audit remediation tasks, as well as responding to ad-hoc security request from our colleagues. This role sits in our Information Technology Services team – whose mission is to support Oliver Wyman Group’s goals and values through business partnerships and excellence in design, development, service and application of information and innovative technology solutions for competitive advantage. In other words, the work that you will do matters, and you will be working with some of the brightness, hard-working people in the industry - the work that you will do as an IT Security & Risk analyst will be integral to secure our environment and reduce the risk to the company in a world.

Key Tasks and Responsibilities:

• Support IT projects and initiatives, driving security through participation in the full lifecycle including oversight, compliance with required data classification security controls, research, solution proposal, technical/administrative tasks and other controls as required by the information security policy and other procedures/guidelines to meet project goals
• Identify tasks and controls necessary to remediate identified risks and vulnerabilities; negotiate dates with business owners for remediation to be complete
• Assist in designing and developing supporting frameworks and tools for the ITS Security Controls & Risk Group, and for compliance and risk projects
• Support preparation and remediation activities for Oliver Wyman Group audits, including researching the status of specific controls and determining compliance levels against company policies and procedures. Guide stakeholders in activities to meet security and compliance levels.
• Ensure privacy, risk and compliance requirements are addressed in project scope and deployment for assigned projects
• Monitor appropriate sources for newly identified vulnerabilities and analyse risk potentially posing a threat to the organization’s information and systems, and escalate appropriately to management
• Assist with assigned risk and control activities, such as Logical Security initiatives, access reviews and privacy compliance requirements, tracking issues and action items, and documenting progress across security & risk initiatives.
• Carry out any other tasks given by the Line Manager within the scope of the job to ensure effective delivery and development of the service.

Who we are looking for:

• You are a well-rounded technologist with a strong desire to drive security change
• Minimum 3 years’ experience in information security
• A Bachelors’ degree in Computer Science, MIS, business or equivalent experience is required. An advanced degree is a plus
• IT Security and Risk Certifications (e.g. CISSP, CISM, CRISC) an advantage
• Experience in information systems auditing is a plus.

Skills and credentials:

• Good technical knowledge of information security principles including: risk assessment and management, administrative security controls, identity and access management, cyber security defences, encryption, general application security, and compliance with privacy law and other regulations.
• Ability to weigh business risks and enforce appropriate information security measures, good documentation, and presentation skills
• Knowledge of project development lifecycle, secure development lifecycle and the ability to assess architecture documents for risks, vulnerabilities & threats
• Excellent written and verbal communication skills
• Fluent English
• Planning and organizational skills
• Customer/client service focused
• Polished and professional demeanour.

We offer:

• Full time job contract with an attractive compensation package
• Selection of benefits (e.g. private health care, insurance, sport card, lunch card, gift card, saving plan, pension plan),
• Opportunity for professional growth in a stable, global company,
• Access to mentoring and training programs,
• Inclusive culture with Colleague Resources Groups and CSR activities,
• Working in diverse and dynamic teams, friendly and flexible workplace that promotes work-life balance,
• Fresh fruit, beverages and snacks while working in our modern office near the city center.

Oliver Wyman, a business of Marsh McLennan (NYSE: MMC), is a management consulting firm combining deep industry knowledge with specialized expertise to help clients optimize their business, improve operations and accelerate performance. Marsh McLennan is a global leader in risk, strategy and people, advising clients in 130 countries across four businesses: Marsh, Guy Carpenter, Mercer and Oliver Wyman. With annual revenue of $24 billion and more than 90,000 colleagues, Marsh McLennan helps build the confidence to thrive through the power of perspective. For more information, visit oliverwyman.com, or follow on LinkedIn and X.

Marsh McLennan is committed to creating a diverse, inclusive and flexible work environment. We aim to attract and retain the best people and embrace diversity of age, background, disability, ethnic origin, family duties, gender orientation or expression, marital status, nationality, parental status, personal or social status, political affiliation, race, religion and beliefs, sex/gender, sexual orientation or expression, skin color, or any other characteristic protected by applicable law.

Marsh McLennan is committed to hybrid work, which includes the flexibility of working remotely and the collaboration, connections and professional development benefits of working together in the office. All Marsh McLennan colleagues are expected to be in their local office or working onsite with clients at least three days per week. Office-based teams will identify at least one “anchor day” per week on which their full team will be together in person.